Re: Auth, Session Timeouts & Login

Hi

Thanks for replying. I've got $this->Session->destroy(); in my logout method which doesn't solve it. Redirecting to a non-auth page would be inconvenient.

Any other ideas?

Cheers

On Dec 10, 8:40 pm, thatsgreat2345 <[EMAIL PROTECTED]> wrote:
> On logout delete the session cookies, or redirect to a page without
> auth component on logout.
>
> On Dec 10, 9:51 am, lazlo2019 <[EMAIL PROTECTED]> wrote:
>
> > Hi
> >
> > Here's the scenario. Set the timeout to a very low number (I'm using 1
> > for argument's sake) and security to high. Login as normal. Logout or
> > wait for the session to timeout and end up back at the login page. If
> > I then try to login within the timeout limit it'll be fine. If however
> > I try to login after the timeout period I'll get "not authorized to
> > view that location" error. This continues until you attempt to login
> > within the timeout period of a previous login attempt.
> >
> > However, if I pass the timeout period BUT use FF Web Dev Toolbar or
> > whatever to delete the domain/session cookies, it lets me in.
> >
> > I can see in Auth.php where the flow differs depending on pre or post
> > timeout. It's line 294 (RC2) (if ($loginAction == $url) {). If you try
> > pre-timeout it's false, post-timeout it's true.
> >
> > My timeout needs to be low and security high and I can just imagine
> > getting the call "why do I have to login twice?" once the site goes
> > live.
> >
> > Replicated in RC2 and RC3.
> >
> > Anyone got any ideas or able to replicate? Any ideas appreciated.
> >
> > Thanks guys

--
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en

Re: Auth, Session Timeouts & Login

On logout delete the session cookies, or redirect to a page without auth component on logout.

On Dec 10, 9:51 am, lazlo2019 <[EMAIL PROTECTED]> wrote:
> Hi
>
> Here's the scenario. Set the timeout to a very low number (I'm using 1
> for argument's sake) and security to high. Login as normal. Logout or
> wait for the session to timeout and end up back at the login page. If
> I then try to login within the timeout limit it'll be fine. If however
> I try to login after the timeout period I'll get "not authorized to
> view that location" error. This continues until you attempt to login
> within the timeout period of a previous login attempt.
>
> However, if I pass the timeout period BUT use FF Web Dev Toolbar or
> whatever to delete the domain/session cookies, it lets me in.
>
> I can see in Auth.php where the flow differs depending on pre or post
> timeout. It's line 294 (RC2) (if ($loginAction == $url) {). If you try
> pre-timeout it's false, post-timeout it's true.
>
> My timeout needs to be low and security high and I can just imagine
> getting the call "why do I have to login twice?" once the site goes
> live.
>
> Replicated in RC2 and RC3.
>
> Anyone got any ideas or able to replicate? Any ideas appreciated.
>
> Thanks guys

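One way to implement the "delete the session cookies on logout" suggestion above, as an added example that is not part of the original thread and is not confirmed to fix the behaviour reported there. The controller name UsersController and its logout() action are assumptions, as is a session that the Session component has already started by the time the action runs.

```php
<?php
// Added example: CakePHP 1.2-style controller. UsersController and the
// logout() action name are assumptions; the thread does not show them.
class UsersController extends AppController {
    var $components = array('Auth', 'Session');

    function logout() {
        // Capture the cookie name and scope before the session is torn down.
        $name   = session_name();
        $params = session_get_cookie_params();

        // Clear the Auth user; logout() returns the configured logoutRedirect.
        $redirect = $this->Auth->logout();

        // Drop the server-side session data (the call already used in the thread).
        $this->Session->destroy();

        // Expire the browser's copy of the session cookie. Path, domain and
        // secure flag must match the values the cookie was set with, otherwise
        // the browser keeps the old cookie and sends it on the next login.
        if (isset($_COOKIE[$name])) {
            setcookie($name, '', time() - 42000,
                $params['path'], $params['domain'], $params['secure']);
            unset($_COOKIE[$name]);
        }

        $this->redirect($redirect);
    }
}
```

Destroying the session only on the server leaves the old session ID in the browser; expiring the cookie as well means the next login request starts without a stale identifier.
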
Auth, Session Timeouts & Login

Hi

Here's the scenario. Set the timeout to a very low number (I'm using 1 for argument's sake) and security to high. Login as normal. Logout or wait for the session to timeout and end up back at the login page. If I then try to login within the timeout limit it'll be fine. If however I try to login after the timeout period I'll get "not authorized to view that location" error. This continues until you attempt to login within the timeout period of a previous login attempt.

However, if I pass the timeout period BUT use FF Web Dev Toolbar or whatever to delete the domain/session cookies, it lets me in.

I can see in Auth.php where the flow differs depending on pre or post timeout. It's line 294 (RC2) (if ($loginAction == $url) {). If you try pre-timeout it's false, post-timeout it's true.

My timeout needs to be low and security high and I can just imagine getting the call "why do I have to login twice?" once the site goes live.

Replicated in RC2 and RC3.

Anyone got any ideas or able to replicate? Any ideas appreciated.

Thanks guys